Privacy Policy

KINNOVIS GMBH
FN 500295d
Heinrich Bablik-Strasse 17, 2345 Brunn am Gebirge, Austria
info@kinnovis.com

General Information

The protection of your personal data (“Data”) is of particular concern to KINNOVIS GMBH (hereinafter referred to as “KINNOVIS”). KINNOVIS processes your Data in accordance with the relevant data protection regulations (e.g. GDPR, the Austrian Data Protection Act (DSG), the Austrian Telecommunications Act (TKG 2003)).

This Privacy Policy is addressed to customers, business partners and other business contacts (including their contact persons) of KINNOVIS, as well as other data subjects whose Data is processed in the course of KINNOVIS’s business activities, such as users of our services. In this Privacy Policy we provide information on how your Data is being processed and the rights you have with regard to your Data.

This Privacy Policy serves to fulfil the information obligations resulting from the relevant data protection regulations (in particular Art 13 and 14 GDPR and Sec 96 para 3 TKG 2003).

What Data is Processed? Where Does this Data Come from?

KINNOVIS processes the Data provided by you either directly to us or via third party controllers using the services of KINNOVIS (our clients) for the purposes for which they were collected, namely to provide our services and provide information relating to our services as well as for analysis purposes in order to keep up and improve our services. This includes your contact data, name, date of birth, address, e-mail address, telephone number, type of customer (private or commercial customer), UID number, company name, company register number, IP address, browser information, data on the service objects used by you and their location as well as booking, usage and invoicing data.

It may also occur in single cases in the course of KINNOVIS’ business activities, that Data is also obtained from third parties or from public sources (e.g. public registers); if necessary, you will be informed accordingly.

For What Purpose and on What Legal Basis Is the Data Processed?

The business activity of KINNOVIS comprises the development and operation as well as the provision of software and software-services for the purposes of administration, customer care, online booking and utilization in the area of self-storage warehouses, co-working spaces and office or residential facilities, as described on our website www.kinnovis.com.

KINNOVIS processes the Data for the purpose of providing and conducting its business activities and any related services and activities, such as the provision and operation of our software, the management of business relationships with customers and business partners, the fulfilment of legal obligations to which KINNOVIS and/or its customers are subject and for advertising our services and promotions.

The legal basis for this processing activities according to the relevant data protection regulations under Art 6 para 1 GDPR are: The processing of data is primarily required for the performance of the contract/pre-contractual measures the subject is party to according to lit b) leg. cit.; legal retention obligations we are subject to are considered a fulfilment of legal obligations according to lit c) leg. cit.; apart from these, KINNOVIS also pursues legitimate interests in the processing of the Data according to lit f) leg. cit. (i.e. the legitimate interest in the provision of our own business activities as described above as well as in respective direct marketing activities (see recital 47 GDPR); overriding opposing interests of data subjects are not apparent; the data subjects also have a right to object to this processing, where applicable). If necessary for special processing activities consent pursuant to lit a) leg. cit. shall be obtained separately in each individual case.

Will the Data Be Transferred to Other Recipients?

It may occur that your Data is transferred to third-party recipients insofar as it is necessary for the above-mentioned purposes. These recipients are business partners / sub-processors that support us in our business activities or whose services are a prerequisite for conducting our business activities and providing our services and who are subject to corresponding confidentiality obligations. Furthermore, we may be legally obliged to transfer or disclose your Data to third parties such as authorities or courts. If it is necessary for the assertion, exercise or defense of our legal claims, your Data may be disclosed to the bodies involved (such as lawyers, debt collection agencies).

Your Data will only be transferred to recipients outside the European Union or the European Economic Area in a few exceptional cases; in these cases, however, KINNOVIS ensures that your Data is adequately protected. The following third-party providers may receive personal data when providing our services:

Stripe:

For the processing of payment transactions, we use the services of Stripe Payments Europe Ltd. with its office in Ireland, a subsidiary of Stripe Inc., USA. This is necessary for the performance of the contractual relationship and the provision and invoicing of our services and it is also subject to our overriding legitimate interest in the provision and billing of our services. For payment processing, some Data is shared with Stripe Inc., USA. Stripe Inc. undertakes to comply with the EU standard contractual clauses in terms of Art 46 GDPR in order to ensure adequate protection of your Data. Detailed information on the processing of Data by Stripe can be found in the Stripe Privacy Policy at https://stripe.com/at/privacy. Furthermore, the utilization of Stripe Inc., for the purpose of payment processing and the data processing associated with this is necessary for the performance of the contractual relationship and provision and billing of our services (Art 49 para 1 lit. b) and c) GDPR).

 

 

AWS:

For hosting purposes and in order to provide our services online, we use services of Amazon Web Services, Inc., USA. This is necessary for the performance of the contractual relationship and the provision of our services and is also subject to our overriding legitimate interest in the provision of our services. The Data processed in this way is stored exclusively on servers in the “Frankfurt region” in Germany. However, access of Amazon Web Services, Inc. from the USA is possible. Amazon Web Services, Inc. undertakes to comply with the EU standard contractual clauses in terms of Art 46 GDPR in order to ensure adequate protection of your Data. You can find more information in the AWS Privacy Policy of Amazon Web Services, Inc. available at https://aws.amazon.com/privacy/ and https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/. Furthermore, the utilization of Amazon Web Services, Inc., for the purpose of hosting our online services and data processing associated with this is necessary for the performance of the contractual relationship and provision of our services (Art 49 para 1 lit. b) and c) GDPR).

Firebase:

For delivery of push messages to contractual partners and users of our services, we use Firebase, a service of Google, Inc., USA, so that Data may also be processed there. This is necessary for the performance of the contractual relationship and the provision of our services, including delivery of push messages as agreed within the contractual relationships, and is also in our overriding legitimate interests to provide our aforementioned services. Google, Inc. undertakes to comply with the EU standard contractual clauses as defined in Art. 46 GDPR in order to ensure adequate protection of your Data. You can find more information on the terms of use and data protection in relation to Firebase at https://firebase.google.com/support/privacy. Furthermore, the utilization of Firebase and the associated data processing is necessary for the fulfilment of the contractual relationship for the provision of information and push notifications in accordance with the contractual agreements (Art 49 para 1 lit. b) and c) GDPR).

Hubspot:

For our online marketing and CRM, we use the services of Hubspot Inc., USA. Hubspot Inc. undertakes to comply with the EU standard contractual clauses as defined in Art 46 GDPR, and also internal binding corporate rules on data protection as defined in Art 47 GDPR, if any, in order to ensure adequate protection of your Data.

If you are the addressee of our marketing mailings (e.g. newsletters), your e-mail address (and in some cases also your first name, last name, title and gender) will be transmitted to Hubspot. For the purpose of evaluating the marketing mailings, cookies and web beacons are used which collect certain technical information (e.g. browser information, IP address, time of opening). The marketing mailings contain information on news, promotions and offers from KINNOVIS. The mailing is carried out on the basis of Sec 107 para. 3 TKG 2003 or – in cases where this provision should not apply – on the basis of the consent of the respective addressee. The evaluation of the marketing mailings is based on the pursuit of legitimate interests of KINNOVIS (Art 6 para 1 lit f GDPR: interest in marketing the services of KINNOVIS, interest in improving these services and marketing mailings). Newsletter recipients can unsubscribe from receiving (further) marketing mailings at any time by sending an email to info@kinnovis.com or by clicking on the corresponding “unsubscribe link” included at the end of each marketing mailing. You can find detailed information in the privacy policy and the cookie policy of Hubspot Inc. (https://legal.hubspot.com/privacy-policy and https://legal.hubspot.com/dpa as well as https://legal.hubspot.com/cookie-policy).

PandaDoc:

For our contract management and document automation of our contractual relationships with our direct customers (facility operators), we use services provided by PandaDoc Inc., USA. However, only Data of the property operators of the respective facilities using our services will be processed, not their customers’ Data (e.g. users, tenants, etc.). This data processing is based on our overriding legitimate interest in performing our services and managing our relating contractual relationships. PandaDoc Inc. undertakes to comply with the EU standard contractual clauses as defined in Art 46 GDPR in order to ensure adequate protection of your Data. Detailed information on the processing of Data by PandaDoc can be found in the Privacy Policy of PandaDoc Inc. at https://www.pandadoc.com/privacy-notice/ and https://www.pandadoc.com/gdpr/.

FreshDesk:                                                    

We use Freshdesk of Freshworks GmbH, Berlin, Germany, in order to provide and automate support and assistance for the provision of our services. Primarily, Freshdesk is used to provide support to our direct customers (facility operators), but also personal Data of their customers (users, tenants, etc.) may be processed in the course of providing the support services. The processing is carried out for the purpose of performing our contractual support services and also based on our legitimate interest in providing them. Detailed information on the processing of Data by Freshdesk can be found in the Privacy Policy of Freshworks GmbH at https://www.freshworks.com/privacy/ and https://www.freshworks.com/gdpr/.

Sensorberg:

For access control to the facilities managed with our software, we use services of Sensorberg GmbH, Berlin, Germany, which consequently receives Data, i.e. e-mail address, access times and objects of the object users. This is necessary for the performance of the contract and the provision of our related services. Detailed information on the processing of Data by Sensorberg GmbH can be found in the privacy policy of Sensorberg GmbH at https://sensorberg.com/imprint.

SKS-Kinkel – Digital Intercom System:

For the purpose of digital communication between the object users (end customers) and also their visitors by way of a digital intercom systems, we use services of SKS-Kinkel Elektronik GmbH, Hof / Westerwald, Germany, which consequently receives and processes Data, i.e. name/company name, address/object address, telephone number, e-mail address of the object users. This is necessary for the performance of the contract and provision of our services. Detailed information on the processing of Data by SKS-Kinkel Elektronik GmbH can be found in the privacy policy of SKS-Kinkel Elektronik GmbH at https://www.sks-kinkel.de/en/privacy-statement/.

Sentry – Error Analysis

For the purposes of error analysis on our website and our software services and the recording of system error logs, we use Sentry, a service of Functional Software Inc., USA. Consequently, Data may also be processed there. This is done in our overriding legitimate interest in maintaining the technical stability of our services and error analysis in order to provide our services. Functional Software Inc. undertakes to comply with the EU standard contractual clauses as defined in Art 46 GDPR in order to ensure adequate protection of your Data. For more information on the terms of use and data protection in relation to Sentry, please refer to the Functional Software Inc. privacy policy at https://sentry.io/privacy/.

Mailchimp – Marketing, Newsletters and Mailings

For the purposes of marketing, mailings and newsletters to inform clients and other interested parties about our services, we use Mailchimp, a service of The Rocket Science Group LLC, USA. Consequently, Data, i.e. name, contact details, e-mail address and usage data, may also be processed there. This is done on the basis of your consent to receive newsletters, advertising and/or other mailings, or – in the absence of such consent – on the basis of our overriding legitimate interest in marketing and direct marketing activities and the provision of newsletters or other information. The mailing is carried out on the basis of Sec 107 para. 3 TKG 2003 or – in cases where this provision should not apply – on the basis of the consent of the respective addressee. The evaluation of the marketing mailings is based on the pursuit of legitimate interests of KINNOVIS (Art 6 para 1 lit f GDPR: interest in marketing the services of KINNOVIS, interest in improving these services and marketing mailings). Newsletter recipients can unsubscribe from receiving (further) marketing mailings at any time by sending an email to info@kinnovis.com or by clicking on the corresponding “unsubscribe link” included at the end of each marketing mailing.

Rocket Science Group LLC./Mailchimp undertakes to comply with the EU standard contractual clauses iSd Art 46 GDPR to ensure adequate protection of your Data. There is also a data processing agreement in place with Mailchimp. You can find more information on the terms of use and data protection in relation to Mailchimp in the privacy policy of Rocket Science Group LLC. at https://mailchimp.com/legal/privacy/ and https://mailchimp.com/legal/data-processing-addendum/.

 

 

DigitalOcean – Hosting

For hosting purposes and for the provision of our online services, we use the services of DigitalOcean, LLC, USA. This is necessary for the performance of the contractual relationship and the provision of our services and is also subject to our overriding legitimate interest in the provision of our services. DigitalOcean, LLC undertakes to comply with the EU standard contractual clauses as defined by Art 46 GDPR in order to ensure adequate protection of your Data. Detailed information on the processing of Data by DigitalOcean, LLC can be found in their privacy policy at https://www.digitalocean.com/legal/privacy-policy/.

SIX Payment Services AG:

For the processing of payment transactions, we also use the services of SIX Payment Services AG, Switzerland, in the course of which names, contact data as well as usage and billing data may be shared. This is necessary for the performance of the contractual relationship and the provision and billing of our services and it is also subject to our overriding legitimate interest in the provision and billing of our services. You can find detailed information on the processing of Data by SIX Payment Services AG in their privacy policy at https://www.six-payment-services.com/en/services/legal/privacy-statement.html and https://www.six-payment-services.com/hr/services/legal/gdpr-closed-user-group-disclaimer.html.

How Long is the Data Stored?

In principle, KINNOVIS stores the Data only as long as this is necessary to achieve the above-mentioned purposes (usually until the end of the contractual relationship). However, there are legal retention obligations which mean that KINNOVIS has to store some Data for a certain period of time even after the contract has been performed and has ended. Data required for the assertion, exercise or defense of any legal claims are stored for as long as they are required for this purpose, i.e. until the expiry of any warranty or compensation periods plus a reasonable grace period.

What Rights do I have with Regard to My Data?

You have – within the framework of the legal prerequisites – the right to information, rectification, erasure, restriction, data portability, objection as well as withdrawal of consent given. You can assert these rights by sending an e-mail to info@kinnovis.com.

Regarding the right of withdrawal of consent: If you have given your consent to a processing of Data, you can withdraw this consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Regarding the right to object: You have the right to object at any time to the processing of your Data processed by KINNOVIS on the basis of a legitimate interest (Art 6 para 1 lit f GDPR) for reasons arising from your particular situation. In this case, we shall no longer process your Data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves for the establishment, exercise or defense of legal claims. You can object to the processing of your Data for advertising purposes at any time without giving reasons.

If you believe that the processing of your Data violates applicable data protection regulations, you can contact us at info@kinnovis.com or file a complaint with the competent supervisory authority (in Austria: the data protection authority).

Changes to the Privacy Policy

KINNOVIS reserves the right to update its Privacy Policy in its sole discretion. The current version of the Privacy Policy can be found at https://kinnovis.com/privay-policy